author | Kenny Root <kroot@google.com> | 2015-07-24 21:02:57 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-07-24 21:02:57 +0000 |
commit | 3b2c60656d36f47063e972b9aa2c11ef235253a6 (patch) | |
tree | 4d210b442e8e6742e9b0ff9dca4fc158c1a6a03e /src/ssl/ssl_cert.c | |
parent | ffd8e0a5b40ce124e6dce4cb7546a26680d33d16 (diff) | |
parent | 07f4f42347557420f105a72d9a93bc8ee88a3dc5 (diff) | |
am 07f4f423: Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533
* commit '07f4f42347557420f105a72d9a93bc8ee88a3dc5':
Handle RDRAND failures.
dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key.
Fix for CVE-2015-1789.
Fixes for CVE-2015-1791.
Diffstat (limited to 'src/ssl/ssl_cert.c')
-rw-r--r-- | src/ssl/ssl_cert.c | 51 |
1 files changed, 34 insertions, 17 deletions
diff --git a/src/ssl/ssl_cert.c b/src/ssl/ssl_cert.c
index f1fd675..85aa079 100644
--- a/src/ssl/ssl_cert.c
+++ b/src/ssl/ssl_cert.c
@@ -119,11 +119,13 @@
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/buf.h>
+#include <openssl/ec_key.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 #include <openssl/pem.h>
+#include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
 #include "../crypto/dh/internal.h"
@@ -409,33 +411,48 @@ SESS_CERT *ssl_sess_cert_new(void) {
 }
 
 memset(ret, 0, sizeof *ret);
- ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
 
 return ret;
 }
 
-void ssl_sess_cert_free(SESS_CERT *sc) {
- int i;
-
- if (sc == NULL) {
- return;
+SESS_CERT *ssl_sess_cert_dup(const SESS_CERT *sess_cert) {
+ SESS_CERT *ret = ssl_sess_cert_new();
+ if (ret == NULL) {
+ return NULL;
 }
 
- sk_X509_pop_free(sc->cert_chain, X509_free);
-
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- X509_free(sc->peer_pkeys[i].x509);
+ if (sess_cert->cert_chain != NULL) {
+ ret->cert_chain = X509_chain_up_ref(sess_cert->cert_chain);
+ if (ret->cert_chain == NULL) {
+ ssl_sess_cert_free(ret);
+ return NULL;
+ }
 }
+ if (sess_cert->peer_cert != NULL) {
+ ret->peer_cert = X509_up_ref(sess_cert->peer_cert);
+ }
+ if (sess_cert->peer_dh_tmp != NULL) {
+ ret->peer_dh_tmp = sess_cert->peer_dh_tmp;
+ DH_up_ref(ret->peer_dh_tmp);
+ }
+ if (sess_cert->peer_ecdh_tmp != NULL) {
+ ret->peer_ecdh_tmp = sess_cert->peer_ecdh_tmp;
+ EC_KEY_up_ref(ret->peer_ecdh_tmp);
+ }
+ return ret;
+}
 
- DH_free(sc->peer_dh_tmp);
- EC_KEY_free(sc->peer_ecdh_tmp);
+void ssl_sess_cert_free(SESS_CERT *sess_cert) {
+ if (sess_cert == NULL) {
+ return;
+ }
 
- OPENSSL_free(sc);
-}
+ sk_X509_pop_free(sess_cert->cert_chain, X509_free);
+ X509_free(sess_cert->peer_cert);
+ DH_free(sess_cert->peer_dh_tmp);
+ EC_KEY_free(sess_cert->peer_ecdh_tmp);
 
-int ssl_set_peer_cert_type(SESS_CERT *sc, int type) {
- sc->peer_cert_type = type;
- return 1;
+ OPENSSL_free(sess_cert);
 }
 
 int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) { |
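Review bot: The new ssl_sess_cert_dup dereferences `sess_cert` without a NULL check and discards the results of `DH_up_ref` and `EC_KEY_up_ref`, although the `X509_chain_up_ref` result a few lines earlier is checked. Their definitions are outside this hunk; if either can report failure in this tree, `ret` would hold a pointer it never took a reference on, and the matching `DH_free`/`EC_KEY_free` in ssl_sess_cert_free would release a reference owned by the original session. The commit message lists fixes for CVE-2015-1791, so the ownership rules of a duplicated session are presumably what this change is about. I would either check those results the way the chain copy is checked, or state the contract above the function, e.g. `/* ssl_sess_cert_dup returns a new SESS_CERT holding its own references to |sess_cert|'s chain, peer cert and ephemeral keys; |sess_cert| must be non-NULL. Returns NULL on allocation failure. */`.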